moderated Re: Two issues in joining a group #bug

Malcolm Austen

On 28/01/2021 22:43:47, Duane <txpigeon@...> wrote:

On Thu, Jan 28, 2021 at 04:03 PM, Malcolm Austen wrote:
user set [NC]
Just to make sure you understand, they're only set to NC if they don't already have a account.
Malcolm Austen: 
Thanks Duane, I was not aware of that (or if I was, I have forgotten!)

That seems to say that if person A is already a member of one group (and therefore has an account) then person B (a baddie) can, by spoofing the sending address, subscribe person A to arbitrary numbers of other groups.

That would be a seriously worrying security flaw.
They should also get 2 separate emails, one to confirm their email address if they don't have an account, the other to confirm that they really want to join a group.
Malcolm Austen: 
This was an address never before presented to - two emails were received but not as you describe. One was the group welcome message (implying the membership process was complete) and the second was a dual function message:

Subject: Confirm your join-ken-eng@... email address

Body (my italics and links stripped):

Thank you for your interest in the group at If you did not request or do not want to join, please ignore this message.

If you only want to send and receive messages from, reply to this email to confirm your email address and activate your membership.

Messages will be sent to you at join-ken-eng@...
Send messages to
If you want to use the resources and read messages on the website, please click on the link below to confirm your email address, set up a password, and choose other subscription settings:

Confirm account

The Team
I know there's a list showing the complete sequence someplace, both with an account and without, as well as restricted group or not.
Malcolm Austen: 
If it still represents the actuality then it would be interesting to see. My report concerned an unrestricted group BTW.


Join to automatically receive all group messages.